/* ---------------------------------------------------------------------------
   (c) Copyright 2006 ActivIdentity, Inc.
   All Rights Reserved.

   This program is an unpublished copyrighted work which is proprietary
   to ActivIdentity. This computer program includes Confidential,
   Proprietary Information and is a Trade Secret of ActivIdentity.
   Any use, disclosure, modification and/or reproduction is prohibited
   unless authorized in writing by ActivIdentity.

   WARNING:  Unauthorized reproduction of this program as well as
   unauthorized preparation of derivative works based upon the
   program or distribution of copies by sale, rental, lease or
   lending are violations of federal copyright laws and state trade
   secret laws, punishable by civil and criminal penalties.
   --------------------------------------------------------------------------- */

/* ---------------------------------------------------------------------------
   Disclaimer

   ACTIVIDENTITY MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE 
   CONTENTS OR USE OF THIS SOFTWARE, AND SPECIFICALLY DISCLAIMS ANY EXPRESS
   OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
   PURPOSE. Further, ActivIdentity reserves the right to revise this software
   and to make changes to its content, at any time, without obligation to
   notify any person or entity of such revisions or changes.
   --------------------------------------------------------------------------- */

#ifndef _ACKEAPI_H_

#define _ACKEAPI_H_


#if defined (WIN32) || defined (_WIN32_WCE)
	#include <windows.h>
#else 
	#ifndef __UNIX_
		#define __UNIX_

		#define CALLBACK
		#define FALSE 0
		#define TRUE 1
		typedef int BOOL;
	#endif
#endif

#include "acm.h"

/* Public accessors to retrieve the various parts of the version */
#define ACKE_MAJOR_VERSION(x)		ACM_MAJOR_VERSION(x)
#define ACKE_MINOR_VERSION(x)		ACM_MINOR_VERSION(x)
#define ACKE_BUILD_VERSION(x)		ACM_BUILD_VERSION(x)

#ifdef	__cplusplus 
extern "C" {
#endif

#define IN
#define OUT
#define INOUT

/* version size */
#define ACKE_VERSION_VERSION_SIZE		ACM_VERS_VERSIONLEN
#define ACKE_VERSION_COPYRIGHT_SIZE		ACM_VERS_COPYRIGHTLEN
#define ACKE_VERSION_COMMENT_SIZE		ACM_VERS_COMMENTLEN

/* Value for the static credentials */
#define ACKE_SCR_DOMAIN_REALM		ACM_SCR_DOMAIN_REALM
#define ACKE_SCR_LOGIN_NAME			ACM_SCR_LOGIN_NAME
#define ACKE_SCR_PASSWORD			ACM_SCR_PASSWORD
#define ACKE_SCR_CUSTOM_INFO		ACM_SCR_CUSTOM_INFO
#define ACKE_SCR_RESERVED			ACM_SCR_RESERVED

/* Value Size */
#define ACKE_CHALLENGE_SIZE			ACM_CHALLENGE_SIZE
#define ACKE_SERVER_CHALLENGE_SIZE	ACM_SERVER_CHALLENGE_SIZE
#define ACKE_CODE_SIZE				ACM_CODE_SIZE
#define ACKE_MAX_KEY_SIZE			ACM_MAX_KEY_SIZE
#define ACKE_CERT_NB				ACM_CERT_NB
#define ACKE_EXT_CERT_NB			ACM_EXT_CERT_NB
#define ACKE_CERT_FIELD_SIZE		ACM_CERT_FIELD_SIZE
#define ACKE_SERVICE_NAME_SIZE		SDB_SERVICE_NAME_SIZE

#define ACKE_PIN_MAXLEN		ACM_MINI_PIN_SIZE

/* Get Challenge parameters */
#define ACKE_CHALLENGE_MIN		0
#define ACKE_CHALLENGE_MAX		-1

/* Re-synchronization type */
#define ACKE_RESYNC_NONE		0		/* Do not resync */
#define ACKE_RESYNC_ONCE		1		/* Resync once   */
#define ACKE_RESYNC_ALWAYS		2		/* Resync always */

/* Des Type */
#define	ACKE_DES_TYPE_1				ACM_DES_TYPE_1	/* Simple DES */
#define	ACKE_DES_TYPE_3				ACM_DES_TYPE_3	/* Triple DES */

/* and key size (hex ascii) */
#define ACKE_DES_KEY_SIZE	ACM_KEY_DES1_CARNB
#define ACKE_DES3_KEY_SIZE	ACM_KEY_DES3_CARNB

/* Counter type */
#define ACKE_AUTH_COUNTER		0
#define ACKE_CERT_COUNTER		1

/* Rand value type */
#define ACKE_INTERNAL_RANDOM_GENERATOR	0

/* Default synchronization counter value */
#define ACKE_SYNC_COUNTER_DEFAULT_VALUE -1

/* Default synchronization clock value */
#define ACKE_SYNC_CLOCK_DEFAULT_VALUE -1

/* Default counter range value */
#define ACKE_COUNTER_RANGE_DEFAULT_VALUE -1

/* "Software" PIN mode: gives both the PIN position and whether to check it or not */
#define ACKE_PIN_NONE	ACM_PIN_NONE
#define ACKE_PIN_AFTER_NOCHECK				ACM_PIN_AFTER /* PIN after code, but don't check it */
#define ACKE_PIN_BEFORE_NOCHECK				ACM_PIN_BEFORE /* PIN before code, but don't check it */
#define ACKE_PIN_BEFORE_OR_AFTER_NOCHECK	ACM_PIN_BEFORE_OR_AFTER /* PIN before or after code, but don't check it */

#define	ACKE_PIN_CHECK					ACM_PIN_CHECK
#define ACKE_PIN_AFTER_CHECK			(ACKE_PIN_AFTER_NOCHECK | ACKE_PIN_CHECK) /* PIN after code, and check it */
#define ACKE_PIN_BEFORE_CHECK			(ACKE_PIN_BEFORE_NOCHECK | ACKE_PIN_CHECK) /* PIN before code, and check it */
#define ACKE_PIN_BEFORE_OR_AFTER_CHECK	(ACKE_PIN_BEFORE_OR_AFTER_NOCHECK | ACKE_PIN_CHECK) /* PIN before or after code, and check it */

/* Error codes for various functions */	
enum
{
	ACKE_ERR_NOERROR = 0,					/* No Error */

	ACKE_ERR_INTERNAL_ERROR = 1,			/* Internal error */
	ACKE_ERR_BAD_PARAM = 2,					/* Bad parameter */

	ACKE_ERR_SYNCHRONIZATION_FAILURE = 10,	/* Synchronization failure  */
	ACKE_ERR_BAD_CHALLENGE_CD = 11,			/* Bad challenge check digit */
	ACKE_ERR_BAD_AUTH_CODE_CD = 12,			/* Bad code check digit  */
	ACKE_ERR_BAD_AUTH_CODE = 13,			/* Bad code */
	ACKE_ERR_BAD_COUNTER_VALUE = 14,		/* Bad counter value */
	ACKE_ERR_WRONG_PIN = 15,				/* Wrong "software" PIN value */

	ACKE_ERR_SERVICE_NOT_FOUND = 20,		/* Unable to retrieve service from input SDB */
	ACKE_ERR_INVALID_CHALLENGE_SIZE = 21,	/* Challenge size passed is not within the min and max limits defined in the input SDB */
	ACKE_ERR_INVALID_CHALLENGE = 22,		/* Challenge passed is not the same as the one in input SDB */
	ACKE_ERR_INVALID_RANDOM_VALUES = 23,	/* Random numbers passed are invalid (randValue or randMax < 0 or randValue > randMax) */
	ACKE_ERR_INVALID_SYNC_COUNTER = 24,		/* Invalid value for re-synchronization counter, [valid is 0-9, -1] */
	ACKE_ERR_INVALID_SYNC_CLOCK = 25,		/* Invalid value for re-synchronization clock, [valid is 0-9, -1] */
	ACKE_ERR_INVALID_DOMAIN_SIZE = 26,		/* Domain name string size greater than ACM_SCR_DOMAIN_REALM */
	ACKE_ERR_INVALID_LOGIN_SIZE = 27,		/* Login name string size greater than ACM_SCR_LOGIN_NAME */
	ACKE_ERR_INVALID_PASSWORD_SIZE = 28,	/* Password string size greater than ACM_SCR_PASSWORD */
	ACKE_ERR_INVALID_CUSTOMINFO_SIZE = 29,	/* Custom information string size greater than ACM_SCR_CUSTOM_INFO */
	ACKE_ERR_BAD_STATIC_CREDENTIAL = 30,	/* Bad static credential */

	ACKE_ERR_SDB_INVALID = 40,				/* The SDB is invalid */
	ACKE_ERR_SDB_NEEDKEY = 41,				/* The SDB encryption key is needed */
	ACKE_ERR_SDB_WRONG_KEY = 42,			/* The SDB encryption key is wrong */
	ACKE_ERR_SDB_WRONG_MAC = 43,			/* The SDB MAC is wrong */
	ACKE_ERR_SDB_MEMORYALLOC_FAILURE = 44,	/* Not enough memory to work on the SDB */
	ACKE_ERR_GENERIC_PKCS11 = 45	/* generic error for PKCS11 */
};

#define ACKE_SERVICE_SUCCEEDED ACKE_ERR_NOERROR

/* Api functions */

int CALLBACK acKEAsyncAuthGetChallenge(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN int nChallengeSize,
		IN int fValidateChallenge,
		IN unsigned int unRandValue,
		IN unsigned int unRandMax,
		OUT char *pszOutChallenge);

int CALLBACK acKEAsyncAuthGenerateCode(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszChallenge,
		OUT char *pszAsyncAuthCode);

int CALLBACK acKEAsyncAuthCheckCode(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszChallenge,
		IN const char *pszAsyncAuthCode,
		IN int fValidateChallenge);

int CALLBACK acKESyncAuthCheckCode(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszSyncAuthCode,
		IN unsigned long ulClock);

int CALLBACK acKESyncAuthGenerateCode(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN unsigned long ulComputerClock,
		IN int nSynchroCounter,
		IN int nSynchroClock,
		OUT char *pszSyncAuthCode);

int CALLBACK acKESyncAuthSetAutoSyncFlag(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN int fAutoSyncFlag);

int CALLBACK acKEUpdateDeviceOffset(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszDeviceClock,
		IN unsigned long ulComputerClock);

int CALLBACK acKEUpdateAuthenticationEventCounter(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN unsigned int unCounter);

int CALLBACK acKEUpdateCertificationEventCounter(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN unsigned int unCounter);

int CALLBACK acKEAutoSynchronizeCertificationCounterTime(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const strExtCertifData *psData,
		IN const char *pszSyncCertificate,
		IN const unsigned long ulClockInSeconds,
		IN const int nCounterRange,
		IN const StrClockRange *psClockRange);

int CALLBACK acKEUnlockGenerateCode (
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszChallenge,
		OUT char *pszOutUnlockCode);

int CALLBACK acKEServerAuthGenerateCode (
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszChallenge,
		OUT char *pszServerAuthCode);

int CALLBACK acKEGetVersion(
		OUT char *pszVersion,
		OUT unsigned int *punVersion,
		OUT char *pszCopyright,
		OUT char *pszComment);

int CALLBACK acKEAsyncExtCertificateCheck(
		IN const char *pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const strExtCertifData *psData,
		IN const char *pszAsyncCertificate);

int CALLBACK acKESyncExtCertificateCheck(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const strExtCertifData *psData,
		IN const char *pszSyncCertificate,
		IN unsigned long ulClock);

int CALLBACK acKEAutoSynchronizeCounterTime(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszSyncAuthCode,
		IN const unsigned long ulClockInSeconds,
		IN const int nCounterRange,
		IN const StrClockRange *psClockRange);

int CALLBACK acKEGetPIN(
 	IN const char* pszEncryptionKey,
	IN PSDB pSDB,
	IN const char *pszServiceName,
	OUT int *pnPINVerifyMode,
	INOUT int *pnPINBufferLen,
	OUT unsigned char *pPINBuffer);

int CALLBACK acKESetPIN(
 	IN const char* pszEncryptionKey,
	INOUT PSDB pSDB,
	IN const char *pszServiceName,
	IN int nPINVerifyMode,
	IN int nPINLen,
	IN unsigned char *pPIN);

/* Deprecated */

int CALLBACK acKEAsyncAuthCheckCodeEx(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszChallenge,
		IN const char *pszAsyncAuthCode,
		IN const char *pszAmount,
		IN const char *pszCurrencyCode,
		IN int fValidateChallenge,
		acEMVAuthContext* pCBContext);

int CALLBACK acKESyncAuthCheckCodeEx(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const char *pszSyncAuthCode,
		IN const char *pszAmount,
		IN const char *pszCurrencyCode,
		IN unsigned long ulClock,
		acEMVAuthContext* pCBContext);

int CALLBACK acKEAsyncCertificateCheck(
		IN const char *pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const strCertifData *psData,
		IN const char *pszAsyncCertificate);

int CALLBACK acKESyncCertificateCheck(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		IN const strCertifData *psData,
		IN const char *pszSyncCertificate,
		IN unsigned long ulClock);

/* Unsupported */

int CALLBACK acKEStaticCredentialGetSet(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		INOUT char* pszDomainRealm,
		INOUT char* pszLoginName,
		INOUT char* pszPassword,
		INOUT char* pszCustomInfo);

int CALLBACK acKEStaticCredentialCheck(
		IN const char* pszEncryptionKey,
		INOUT PSDB pDeviceSDB,
		IN const char *pszServiceName,
		INOUT char* pszDomainRealm,
		INOUT char* pszLoginName,
		INOUT char* pszPassword);

#ifdef	__cplusplus
}
#endif

#endif /* ACKEAPI_H_ */
